Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions
Moderate severity
GitHub Reviewed
Published Jun 19, 2026 in cloudflare/quiche • Updated Jun 19, 2026
Description
Published by the National Vulnerability Database: Jun 19, 2026
Published to the GitHub Advisory Database: Jun 19, 2026
Reviewed: Jun 19, 2026
Last updated: Jun 19, 2026
Impact
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions.
The quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions would return a pointer to a ConnectionId to the applications via function arguments, but the owned ConnectionId would be dropped at the end of those functions' scope.
Only applications using those FFI functions are affected. The FFI API is disabled by default by a build-time feature flag.
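The lifetime bug described above, shown next to a hardened form, as an added illustration that is not quiche's code. CidIter, next_buggy, next_fixed and collect_fixed are hypothetical names, the sample IDs are constructed, and keeping the last ID inside the iterator is an assumed way to keep the pointer valid, not necessarily how quiche 0.29.2 fixes it.

```rust
use std::collections::VecDeque;

/// Hypothetical stand-in for an FFI iterator over owned connection IDs.
pub struct CidIter {
    pending: VecDeque<Vec<u8>>,
    current: Option<Vec<u8>>, // keeps the last returned ID alive
}

/// BUGGY pattern: `cid` is an owned value, so its buffer is freed when the
/// match arm ends and `*out` already dangles when the caller reads it.
#[allow(dead_code)]
pub unsafe extern "C" fn next_buggy(it: &mut CidIter, out: *mut *const u8, len: *mut usize) -> bool {
    match it.pending.pop_front() {
        Some(cid) => {
            unsafe { *out = cid.as_ptr(); *len = cid.len(); }
            true
        } // `cid` is dropped here
        None => false,
    }
}

/// Hardened pattern: move the owned ID into the iterator first, then hand out
/// a pointer into that storage. Valid until the next call or the iterator's drop.
pub unsafe extern "C" fn next_fixed(it: &mut CidIter, out: *mut *const u8, len: *mut usize) -> bool {
    it.current = it.pending.pop_front();
    match it.current.as_ref() {
        Some(cid) => {
            unsafe { *out = cid.as_ptr(); *len = cid.len(); }
            true
        }
        None => false,
    }
}

/// Drains the hardened iterator, copying each ID while its pointer is valid.
pub fn collect_fixed(cids: Vec<Vec<u8>>) -> Vec<Vec<u8>> {
    let mut it = CidIter { pending: cids.into(), current: None };
    let (mut p, mut n) = (std::ptr::null::<u8>(), 0usize);
    let mut seen = Vec::new();
    while unsafe { next_fixed(&mut it, &mut p, &mut n) } {
        seen.push(unsafe { std::slice::from_raw_parts(p, n) }.to_vec());
    }
    seen
}

fn main() {
    // Constructed sample connection IDs.
    println!("{:?}", collect_fixed(vec![vec![0xde, 0xad], vec![0xbe, 0xef, 0x01]]));
}
```

next_buggy is never called here because reading its output pointer is undefined behaviour; to observe the fault safely, call it from a scratch test under Miri or AddressSanitizer.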
quiche 0.29.2 is the earliest version containing the fix for this issue.
References